CVE-2022-27919
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
via "National Vulnerability Database".
CVE-2022-27906
Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory.
via "National Vulnerability Database".
CVE-2022-26659
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.
via "National Vulnerability Database".
CVE-2022-24643
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.
via "National Vulnerability Database".
CVE-2022-26197
Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.
via "National Vulnerability Database".
CVE-2022-27920
libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.
via "National Vulnerability Database".
CVE-2022-25523
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request.
via "National Vulnerability Database".
CVE-2021-44905
Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name.
via "National Vulnerability Database".
CVE-2022-1071
Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
via "National Vulnerability Database".
CVE-2022-26198
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.
via "National Vulnerability Database".
CVE-2022-26620
Akeo Consulting Rufus Executable 3.17.1846 and Rufus Portable Executable 3.17p were discovered to allow attackers to execute arbitrary code or escalate privileges via placing a crafted x86 DLL in the same directory as other executables.
via "National Vulnerability Database".
CVE-2022-26200
Technitium Installer v4.4 was discovered to allow attackers to execute arbitrary code or escalate privileges via placing a crafted DLL in the same directory as the current installer.
via "National Vulnerability Database".
CVE-2022-26205
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload.
via "National Vulnerability Database".
CVE-2022-27948
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols.
via "National Vulnerability Database".
CVE-2022-26245
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.
via "National Vulnerability Database".
CVE-2022-1106
Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
via "National Vulnerability Database".
F-Secure launches WithSecure, spinning off entire enterprise portfolio
After years of trying to integrate business and consumer streams, F-Secure signals a complete split will help both new entities focus on their customers and industry relevance
via "ITPro".
The keys to catching a cyber crook
Why greed, carelessness and an itch for glory are highly exploitable chinks in a cyber criminal's armour
via "ITPro".
EU proposes new bloc-wide cyber security regulations
The Computer Emergency Response Team for the EU institutions, bodies, offices, and agencies (CERT-EU) will be renamed as the 'Cybersecurity Centre'
via "ITPro".
Linux botnet spreads using Log4Shell flaw
The malware uses DNS tunnelling to communicate with its C2 control server
via "ITPro".
How a platform approach to security monitoring initiatives adds value
Integration, orchestration, analytics, automation, and the need for speed
via "ITPro".